A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Google Forecast: Watch Out For Old and New Ways To Get Hacked

Regarding the ever-changing face of cybersecurity, it’s hard to find companies that monitor it better than the folks at Google. They released a report in November about what to look for in 2024 if you are in your company’s IT security department. It is eye-opening stuff.

Google Cloud’s global Cybersecurity Forecast found that generative AI can help attackers and defenders and urged security personnel to look out for nation-state-backed attacks and more.

Contributors to the report included several of Google Cloud’s security leaders and security experts from Mandiant Intelligence, Mandiant Consulting, Chronicle Security Operations, Google Cloud’s Office of the CISO, and VirusTotal.

An article from techrepublic.com has listed some of Google’s concerns for the coming year.

Bad Guys With Good Tools

Threat actors will use generative AI and large language models in phishing and other social engineering scams, Google Cloud predicted.

Because generative AI can create natural-sounding content, employees may struggle to identify scam emails through poor grammar or spam calls through robotic-sounding voices. Attackers could use generative AI to create fake news or fake content, Google Cloud warned.

However, the generative AI that the bad guys might use to attack you is also very good at defending you from such attacks.

“AI is already providing a tremendous advantage for our cyber defenders, enabling them to improve capabilities, reduce toil and better protect against threats,” said Phil Venables, chief information security officer at Google Cloud, in an email to TechRepublic.

Nations SpearPhishing

Regardless of how you felt about the 2016 election, there is no doubt that Russia intensely attacked our social media sites and other information centers to push the election toward Donald Trump. And while that is old news, the fact is, the invasion of our voting systems has not stopped.

The report noted nation-state actors may launch cyberattacks against the U.S. government as the 2024 U.S. presidential election approaches. Spearphishing in particular may be used to target electoral systems, candidates, or voters.

Hacktivism, or politically motivated threat actors not associated with a particular nation-state, is having a resurgence, Google Cloud said. So is the prospect of computer extortion.

Older Attacks Still Dangerous

While the report looks toward the 2024  election year, it points out that the older tactics that hackers were using are still very much in play.

Some of the trends Google Cloud highlighted show that well-known types of cyberattacks should still be on security teams’ radar.

Zero-day vulnerabilities may continue to increase. Nation-state attackers and threat actor groups may embrace zero days because those vulnerabilities give attackers persistent access to an environment. Phishing emails and malware are now relatively easy for security teams and automated solutions to detect, but zero-day vulnerabilities remain relatively effective, the report stated.

This article has a lot of good info to put in front of your security people to at least give them a heads-up on what Google thinks we should be looking out for in the coming year. AI is only getting faster, and smarter, and could be far more harmful if we don’t take the appropriate steps to protect our IT from the bad guys with good tools.

read more at techrepublic.com